...SPECIFICATION and at step 48 communicates that new counter value to
player terminal 14 as the record identifier 32. 

In response to the additional record identifier 32 from the 
additional level game, record access program code at player 
terminal 14 accesses the identified game record 25 at step 52. The 
display control program code operating at player terminal 14 then 
Claims
English Abstract

A management system (A1) provides a remote access service to units of
equipment at distributed locations of a communications network (A4). For
instance, it can provide automatic meter reading over a PSTN for utility
companies (A5). The management system (A1) initiates calls over the
network (A4) to selected units, usually pre-determined, in response to
call requests, and can provide considerable functionality such as
authentication and batch processing of the request. Conflict with
ordinary traffic on the network (A4) can be avoided by monitoring for
ordinary traffic calls and clearing down any existing conflicting remote
access calls or blocking any requested potentially conflicting remote
access calls. Uncompleted or blocked remote access calls are
automatically re-scheduled by the management system (A1).

French Abstract 

A management system (A1) provides remote access to units of equipment
located at distributed locations on a telecommunications network (A4).
It allows, for example, utility companies to carry out automatic meter
reading over a public switched telephone network (PSTN). This management
system (A1) initiates calls over the network (A4) to selected units,
normally predetermined, in response to call requests and can provide
useful functionality, such as authentication and batch processing of the
request. It makes it possible to avoid conflicts with ordinary traffic on
the network (A4) by monitoring ordinary traffic calls and clearing down
any conflicting remote access calls in progress or blocking any requested
potentially conflicting remote access calls. Remote access calls that are
not completed or are blocked are automatically rescheduled by the
management system (A1).
Fulltext Availability: 
Detailed Description 

Detailed Description

... data interpreters associated with both the TP 41 and the TIU 63, which 
interpret each character in turn on receipt of a data record . 

Table 2 lists all the replaceable parameter types which have been defined 
for this example. 

Character | Meaning | Source of variable data inserted | Parameter type
I | TIU ID | From TSIVIS | TIU control
k | Key string used for authenticating TIU using a challenge/response sequence | Internally generated by TP | TIU control
p | Port number to be used...
ABSTRACT EP 13 03 075 A1

To provide a data access management system that enables access control 
management for data files stored in a memory of a device. The system 
manages data access processing performed by an access unit for a 
memory-loaded device, and issues a service permission ticket (SPT), which
serves as an access control ticket in which an access mode to be accepted
for the access unit, such as a reader/writer, is set. The memory-loaded
device receives the service permission ticket (SPT) from the access unit,
and performs processing according to the access mode indicated in the
service permission ticket (SPT). The service permission tickets (SPTs) in
which access modes to be accepted for the access units are set are 
individually issued according to the access units. Accordingly, various 
modes of access according to the access units can be executed. 

ABSTRACT WORD COUNT: 137 

NOTE: 

Figure number on first page: 0001 

LEGAL STATUS (Type, Pub Date, Kind, Text):
Application: 021120 A1 International application. (Art. 158(1))

Application: 021120 A1 International application entering European
Total word count - document A 87828
Total word count - document B 0 
Total word count - documents A + B 87828 

...SPECIFICATION ticket. The memory-loaded device executes mutual 

authentication according to the mutual-authentication-mode designation 
data of the service permission ticket (SPT) , and performs processing 
according to a description in the received ticket on the condition that 
the mutual authentication is successfully conducted. 
According to...

...according to the access mode, and also performs read or write processing
on the target file that is set as the target file identifier in the 
service permission ticket (SPT) according to the read or write 
permission data set in the service permission ticket (SPT) . 

According to an embodiment of the memory-loaded device of the present
invention, the service permission ticket (SPT) contains a plurality of 
file identifiers for identifying a plurality of data files to be 
accessed, one of the plurality of... 

... embodiment of the memory-loaded device of the present invention, the 
control means generates a file open table in which the file 
identifier, which serves as ID data of a file that has been subject to 
file open processing performed based on the service permission ticket 
(SPT) received during a session with the access unit is related to the 
access...

...a command received from the access unit is to be executed by referring
to the file open table.

According to an embodiment of the memory-loaded device of the present
invention, the memory...permission ticket from the access unit, and
performs processing according to the access mode indicated in the 
service permission ticket (SPT) . 

According to an embodiment of the data access management method of
the present invention, the service permission ticket (SPT) contains a
file identifier for identifying a data file to be accessed. The
memory-loaded device receives the service...

...method of the present invention, the service permission ticket (SPT) 
contains a plurality of file identifiers for identifying a plurality of 
data files to be accessed, one of the plurality of file identifiers 
being set as a target file identifier so that read or write 
permission data for a target file is stored, and, as... 

...mode of the other data file, encryption processing using an encryption
key stored in the data file is set. The memory-loaded device receives
the service permission ticket (SPT) from the access unit, and performs 
a reading operation for the target file... 

...the condition that the mutual authentication is successfully conducted. 
According to an embodiment of the data access management method of 
the present invention, the service permission ticket (SPT) contains 
ticket-verification designation data that designates a verification 
mode of the service permission ticket (SPT) received by the 
TUNING OF MULTIPLE APPLICATION ENABLED DIGITAL COMMUNICATION TERMINALS TO
ACCESS SERVICES 

ABSTIMMUNG DIGITALER KOMMUNIKATIONSENDGERÄTE MIT MEHRFACHANWENDUNG FÜR
ZUGANGSDIENSTE

REGLAGE DE TERMINAUX DE COMMUNICATION NUMERIQUES POUR APPLICATIONS
MULTIPLES SUR DES SERVICES D'ACCES

PATENT ASSIGNEE: 

General Instrument Corporation, (1403172), 101 Tournament Drive, Horsham, 
Pennsylvania 19044, (US), (Proprietor designated states: all) 
INVENTOR:

BOOTH, Robert, Charles, 1700 Rockcress Drive, Jamison, PA 18929, (US) 
TAVOLETTI, Donald, 2268 Ridge View Drive, Warrington, PA 18976, (US) 
DEL SORDO, Chris, 229 Heatherfield Drive, Souderton, PA 18964, (US) 
LEGAL REPRESENTATIVE: 

Regelmann, Thomas, Dr. (90921), Hoeger, Stellrecht & Partner,
Uhlandstrasse 14 c, 70182 Stuttgart, (DE)
PATENT (CC, No, Kind, Date): EP 1222818 A2 020717 (Basic)
EP 1222818 B1 031203
WO 2001031922 010503
APPLICATION (CC, No, Date): EP 2000992758 001019; WO 2000US41285 001019
PRIORITY (CC, No, Date): US 161174 P 991022

DESIGNATED STATES (Pub A): AT; BE; CH; CY; DE; DK; ES; FI; FR; GB; GR; IE;
IT; LI; LU; MC; NL; PT; SE; (Pub B): DE; ES; FR; GB; NL
EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI 
INTERNATIONAL PATENT CLASS (V7): H04N-007/16 

CITED PATENTS (EP B): EP 698999 A; EP 834798 A; US 5167035 A; US 5208665 A;
US 5850218 A; US 5919247 A
CITED REFERENCES (EP B):
PATENT ABSTRACTS OF JAPAN vol. 1996, no. 10, 31 October 1996 (1996-10-31)
& JP 08 149096 A (SONY CORP), 7 June 1996 (1996-06-07);
ABSTRACT WORD COUNT: 6982 
NOTE: 

No A-document published by EPO
LEGAL STATUS (Type, Pub Date, Kind, Text) : 
Application: 010627 A2 International application. (Art. 158(1)) 

Application: 010627 A2 International application entering European 

phase 

Application: 020717 A2 Published application without search report 

Examination: 020717 A2 Date of request for examination: 20020419 

Grant: 031203 B1 Granted patent

Oppn None: 041124 B1 No opposition filed: 20040906

LANGUAGE (Publication, Procedural, Application): English; English; English

FULLTEXT AVAILABILITY: 

Available Text  Language   Update  Word Count
CLAIMS B        (English)  200349  1474
CLAIMS B        (German)   200349  1361
CLAIMS B        (French)   200349  1620
SPEC B          (English)  200349  4979
Total word count - document A 0
Total word count - document B 9434
Total word count - documents A + B 9434

...SPECIFICATION EPG applications can be enabled on the newer terminals
without any need to tune to a channel for a source or service.

For example, the VCT_source_ID_count field and the VCT_app_ID_count fields
in the VAT record's control word, viz., virtual_application_control_word,
may specify that there are no VCT_source_ID fields or VCT_application_ID
fields present in the VAT record. Therefore, the traditional EPG
application can run as before in a MAM environment.
The services...
Detailed Description

Claims 

Fulltext Word Count: 6500 
English Abstract 

A method and device for preventing fraud in international calls in a 
long-distance telecommunications system, where selected customers can 
avoid fraud control blocks and greater granularity is achieved in 
blocking international destinations. In the method and device, an 
override flag is created in the records of the Billing Number Screening 
(BNS) database (410). When a call is made using a billing number whose
corresponding record has the override flag set (417), the call is not 
stopped by fraud control blocks on certain international destinations. In 
addition, international destinations can be blocked with greater 
specificity because a Country Set Logic (CSET) field (425, 435) is added 
to the International City Code Database. The addition of CSET (425, 435) 
to this database allows particular international city destinations to be 
blocked from certain origin points.

French Abstract 

The invention relates to a method and a device for preventing fraud in
international calls in a long-distance telecommunications system.
Selected customers can avoid fraud control blocks, and greater
granularity is thus achieved in the blocking of international
destinations. According to the method and device, an override flag is
created in the records of the Billing Number Screening (BNS) database.
When a call is made using a billing number whose corresponding record has
the override flag set, the call is not stopped by fraud control blocks on
certain international destinations. In addition, international
destinations can be blocked with greater specificity, because a Country
Set Logic (CSET) field is added to the international city code database.
The addition of CSET to this database makes it possible to block certain
international city destinations from certain points of origin.

Legal Status (Type, Date, Text) 

Publication 20030109 A2 Without international search report and to be 

republished upon receipt of that report. 

Examination 20030619 Request for preliminary examination prior to end of 

19th month from priority date 

Search Rpt 20030710 Late publication of international search report 

Republication 20030710 A3 With international search report. 

Fulltext Availability: 
Claims 

Claim 

... is a special service call, and there is a label field in various call
processing databases, including an access-level database,
containing records keyed to at least one access code used in
obtaining the special service, an exchange-level database, containing
records keyed to at least one

1-15 telephone exchange, and an Automatic Number Identifier (ANI)-level
database, containing records keyed to at least one ANI.

9 The method as recited in claim 9, further...call processing of said
call, the international destination of said call being associated with 
said record and means for blocking the call if the determining means 
determines that there is a match. 

16 The device as recited in claim 15, further comprising:

an access-level database, containing records keyed to at least one access
code used in obtaining the special service,

an exchange-level database, containing records keyed to at least one
telephone exchange;

an Automatic Number Identifier (ANI)-level database, containing records
keyed to at least one ANI; and

means for determining if one or more labels...
Detailed Description

Claims 

Fulltext Word Count: 10555 
English Abstract 

A method and device such as a database for storing and providing 
controlled access to objects and associated documents by multiple users 
according to predetermined privileges set by the owner, or host, of the 
stored information. Individual users (102), or guests (154), can be given 
access to the objects, their attributes and associated documents as 
determined by the host of the information. The host of the information
can set up access privileges based on any type of relationship (116).
This is particularly useful in complex business relationships between a 
host and a plurality of users, both of which may be sensitive about their 
trade secrets and other confidential information. 

French Abstract 

The present invention relates to a method and a device such as a database
for storing and controlling access to objects and associated documents,
for access by multiple users according to privilege rules defined by the
owner or host of the stored information. Individual users (102) or
invited guests (154) can have access rights to the objects, their
attributes and associated documents to the extent that the host of the
information authorizes it. The host of the information can define access
privileges on the basis of any type of relationship (116). This is
particularly useful in complex business relationships between a host and
a plurality of users, both of whom may hold sensitive, confidential or
even secret information.

Legal Status (Type, Date, Text) 

Publication 20010329 A1 With international search report.

Fulltext Availability: 
Detailed Description 

Detailed Description 

computer 152 that may be operated by a guest user in accessing objects
and associated documents in application data base 144. Guest
computer 152 includes guest privileges code 300 may be similar to
the host's guest privileges code 210 (Figure 2). Guest privileges code 300
includes a Guest ID 302 that identifies the guest when attempting to
access a host object...
English Abstract

The system and method of the invention generally provides for 
registering works of authorship in an online database (100) and providing 
licensing information about authorship with several rights agencies, 
royalty collecting societies and copyright offices, and the online 
database (100) in a single process. The invention allows individuals to 
identify a particular work of authorship from among many close variants;
analyzing the license rights (143-148) necessary for a particular use of
the work by an individual in a particular territory, determining the
source of the licensing rights (151) in that territory and forwarding a
request for a license to that source (152). Finally, in a preferred
embodiment, the invention may issue a license (154) to an individual for
the use of a work contemplated.

French Abstract 

The present invention generally relates to a system and a method that
make it possible to register works of authorship, in a single process, in
an online database (100) and with several licensing agencies, royalty
collecting societies and copyright offices, and to provide licensing
information relating to the registered works. The invention allows
individuals to identify a particular work of authorship from among many
close variants, to analyze the license rights (143-148) necessary for a
specific use of the work by an individual in a given territory, to
identify the source of the license rights (151) in that territory and to
forward a license request to said source (152). Finally, in a preferred
embodiment, the invention may issue to an individual a license (154)
allowing them to use a desired work.

Fulltext Availability: 
Detailed Description 



Detailed Description 

... linking the user to the lyrics of the set of works to search within. 
Account ID: The Account ID of the account that is authorized to
update this record.

Last Update: The date on which this song record was last modified.

Last Update ID: The password used by the person who last modified this
record.

C. Licensing Information 

In addition to the descriptive information, the song record has several 
data fields used in the rights request process. 

Harry Fox License: This field contains a code that indicates whether 
the song is licensed by Harry Fox. 

Rights source information: Rights requests are sent to the national 
agencies and rights societies around the...
Main International Patent Class (v7): G06F-001/00
Publication Language: English 
Fulltext Availability: 

Detailed Description 

Claims 

Fulltext Word Count: 8788 
English Abstract 

A method and apparatus are provided for maintaining and enforcing 
security rules using protection domains. As new code arrives at a 
computer, a determination is assigned to a protection domain based on the 
source from which the code is received. The protection domain establishes 
the permissions that apply to the code. In embodiments where the code to 
be executed by the computer belongs to object classes, an association is 
established between the protection domains and the classes of objects. 
When an object requests an action, a determination is made as to whether
the action is permitted based on the class to which the object belongs 
and the association between classes and protection domains. 

French Abstract 

The invention relates to a method and an apparatus for applying and
enforcing security rules using protection domains. When new code arrives
at a computer, a determination is applied to a protection domain
according to the source from which the code originates. The protection
domain establishes the permissions that apply to the code. In embodiments
where the code to be executed by the computer belongs to object classes,
an association is established between the protection domains and the
object classes. When an object requests an action, a decision on whether
or not to permit the action is made according to the class to which the
object belongs and the association between the object classes and the
protection domains.

Fulltext Availability: 
Detailed Description 

Detailed Description 

example, the method of the policy object which returns the
permissions associated with a code identifier is invoked passing the
code identifier, "file://somesource" "somekey", as a parameter. The
policy object returns a permissions container object containing all the
permissions associated with the code identifier "file://somesource"
"somekey". There is only one permission associated with the code
identifier "file://somesource" "somekey", which is a permission to write
to any file in directory "/tmp/*". Then protection domain object 282 is
created and populated with the permission just mentioned.

Note the policy object may determine that no protection domain is defined
for a code identifier. In this case, a default protection domain is
provided. Typically, a default protection domain contains...
Security control process method for data in processing system - using
access control circuits for routing access requests, allowing temporary 
access to blocks of data associated with user identifier code and storing 
security record 
IE 69547 B EN 13 2

Alerting Abstract IE B 

The method applies to several data processors connected in cluster. Each
processor is connected to storage device and has memory circuit and data
access control circuit. The method comprises several steps. First each
processor stores a user identifier code and addresses for blocks of data
which are addressable by a data device. The blocks of data are associated
with the user identifier codes. Next a security record is stored,
associated with a user identifier code. The record includes at least one
other user identifier code. In combination, the indicator and the
associated user identifier code in the security record specify
additional access rights for the data device associated with the
record.

The data access control circuit allows access to the blocks of data 
associated with the user identifier code upon receipt of an access request
from a data device. The user interface transmits a request for access to 
additional blocks of data. The data access control circuit subsequently 
refers to the security record to determine which blocks of data may be 
accessed temporarily by the data device. 

USE/ADVANTAGE - Allows appropriate access by departmental personnel to 
stored data, without too rigid security arrangements. Achieves control but 
with maximum flexibility. 

Title Terms/Index Terms/Additional Words: SECURE; CONTROL; PROCESS; METHOD;
DATA; SYSTEM; ACCESS; CIRCUIT; ROUTE; REQUEST; ALLOW; TEMPORARY; BLOCK; 
ASSOCIATE; USER; IDENTIFY; CODE; STORAGE; RECORD 
International Classification (Main): G06F-012/14

File Segment: EPI;
DWPI Class: T01

Manual Codes (EPI/S-X): T01-H01C2; T01-H08...

Alerting Abstract ...device. The blocks of data are associated with the
user identifier codes. Next a security record is stored, associated with a
user identifier code. The record includes at least one other user
identifier code. In combination, the indicator and the associated user
identifier code in the security record specify additional access
rights for the data device associated with the record.
Data security operation in multiprocessor shared memory system - using
security record associated with user identifier code, for specifying 
additional access rights for device associated with record, and access 
control circuit 
Alerting Abstract IE B3

The data security control process method is carried out by a number of
data processors connected in a cluster, each processor being connected to a
storage device and having a memory circuit and a data access control
circuit. Each processor stores in a storage device a user identifier
code; and addresses for blocks of data which are addressable by a data
device. The blocks of data are associated with the user identifier codes. A
security record is stored in the storage device. The security record is
associated with a user identifier code. The security record includes at
least one other user identifier code. The indicator and the associated user
identifier code in the security record, in combination, specify
additional access rights for the data device associated with the
security record.

The data access control circuit allows access to the blocks of data 
associated with the user identifier code upon receipt of an access request 
from a data device, and the user interface transmits a request for access 
to additional blocks of data and the data access control circuit 
subsequently referring to the security record to determine which blocks of 
data may be accessed temporarily by the data device. 

ADVANTAGE - Achieves optimum advantages of strict access control and 
maximum flexibility to provide for efficient management of organisation.

Title Terms/Index Terms/Additional Words: DATA; SECURE; OPERATE;
MULTIPROCESSOR; SHARE; MEMORY; SYSTEM; RECORD; ASSOCIATE; USER; IDENTIFY;
Alerting Abstract ...and a data access control circuit. Each processor
stores in a storage device a user identifier code, and addresses for
blocks of data which are addressable by a data device. The blocks of data
are associated with the user identifier codes. A security record is
stored in the storage device. The security record is associated with a
user identifier code. The security record includes at least one other user
identifier code. The indicator and the associated user identifier code
in the security record, in combination, specify additional access
rights for the data device associated with the security record.
Modern computer networks make it possible to distribute documents quickly
and economically by electronic means rather than by conventional paper 
means. However, the widespread adoption of electronic distribution of 
copyrighted material is currently impeded by the ease of unauthorized 
copying and dissemination. In this paper we propose techniques that 
discourage unauthorized distribution by embedding each document with a 
unique codeword. Our encoding techniques are indiscernible by readers, yet 
enable us to identify the sanctioned recipient of a document by examination 
of a recovered document. We propose three coding methods, describe one in 
detail, and present experimental results showing that our identification 
techniques are highly reliable, even after documents have been photocopied. 

English Descriptors: Electronic marking; Document copying; Copyrighted
materials; Document embedding; Code word; Application; Computer
networks; Security of data; Identification (control systems);
Encoding (symbols); Photocopying; Database systems; Cryptography; Data
communication systems; Robustness (control systems); Spurious signal
noise; Electronic publishing
Abstract

More and more information is distributed in XML format, both on corporate Intranets and on the global Net. In this 
paper an Access Control System for XML is described allowing for definition and enforcement of access restrictions 
directly on the structure and content of XML documents, thus providing a simple and effective way for users to protect 
information at the same granularity level provided by the language itself. © 2000 Published by Elsevier Science B.V. All 
rights reserved. 

Keywords: Security; Access control model; XML 



1. Introduction 

As more and more information is made available
in Extensible Markup Language (XML) format, both
on corporate Intranets and on the global Net, concerns
are being raised by developers and end-users
about XML security problems. Early research work
about XML was not directly related to access control
and security, because XML was initially introduced
as a data format for documents; therefore, many
researchers assumed well-known techniques for securing
documents to be straightforwardly applicable
to XML data. But the way XML is being positioned
has caused some to question if additional measures
will be necessary.

* Corresponding author.
E-mail: edamiani@crema.unimi.it
E-mail: {decapita,samarati}@dsi.unimi.it
E-mail: parabosc@elet.polimi.it

For example, in the scenario of the oncoming
FASTER (Flexible Access to Statistics, Tables and
Electronic Resources) project, end-users will be able
to control their interaction with Web sites by pulling
the information they are interested in out of dynamically
generated XML documents. However, different
users may well have different interests or access
authorizations, and XML enabled servers will need
to know which data each user should get, at a
finer level of granularity than whole documents. In
other words, some FASTER applications will need
to block or allow access to entire XML instances,
while others will control access at the tag level. The
control residing at the tag level is particularly important
in the view of wider use of the XLink and
XPointer standards, which enable applications to re-
ABSTRACT

In this paper, our objective is to define a security model for regulating access to XML documents. Our
model offers a security policy with a great expressive power. An XML document is represented by a
tree. Nodes of this tree are of different type (element, attribute, text, comment, etc.). The smallest
protection granularity of our model is the node, that is, authorisation rules granting or denying 
access to a single node can be defined. The authorisation rules related to a specific XML document 
are first defined on a separate Authorisation sheet. This Authorisation sheet is then translated into an 
XSLT sheet. If a user requests access to the XML document then the XSLT processor uses the XSLT 
sheet to provide the user with a view of the XML document which is compatible with his rights. 